diff options
| author | Konstantin Demin <rockdrilla@gmail.com> | 2019-03-25 22:00:28 +0300 |
|---|---|---|
| committer | Hans Dedecker <dedeckeh@gmail.com> | 2019-03-25 22:25:35 +0100 |
| commit | 01964148c638e88d2ec29e63880c12c84b84c5a4 (patch) | |
| tree | 71d942402ba851e2032ab0472472d157eb2bb145 /package/network/services/dropbear/Config.in | |
| parent | 5eb7864aadd5d4dffdb9befb87ba9a025a728b71 (diff) | |
| download | upstream-01964148c638e88d2ec29e63880c12c84b84c5a4.tar.gz upstream-01964148c638e88d2ec29e63880c12c84b84c5a4.tar.bz2 upstream-01964148c638e88d2ec29e63880c12c84b84c5a4.zip | |
dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
* DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
* DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Diffstat (limited to 'package/network/services/dropbear/Config.in')
| -rw-r--r-- | package/network/services/dropbear/Config.in | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index ca0af9d5e0..9106322eea 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -8,29 +8,46 @@ config DROPBEAR_CURVE25519 This enables the following key exchange algorithm: curve25519-sha256@libssh.org - Increases binary size by about 13 kB uncompressed (MIPS). + Increases binary size by about 8 kB uncompressed (MIPS). config DROPBEAR_ECC bool "Elliptic curve cryptography (ECC)" default n help - Enables elliptic curve cryptography (ECC) support in key exchange and public key - authentication. + Enables basic support for elliptic curve cryptography (ECC) + in key exchange and public key authentication. Key exchange algorithms: ecdh-sha2-nistp256 + + Public key algorithms: + ecdsa-sha2-nistp256 + + Increases binary size by about 24 kB (MIPS). + + If full ECC support is required, also select DROPBEAR_ECC_FULL. + +config DROPBEAR_ECC_FULL + bool "Elliptic curve cryptography (ECC), full support" + default n + depends on DROPBEAR_ECC + help + Enables full support for elliptic curve cryptography (ECC) + in key exchange and public key authentication. + + Key exchange algorithms: + ecdh-sha2-nistp256 (*) ecdh-sha2-nistp384 ecdh-sha2-nistp521 Public key algorithms: - ecdsa-sha2-nistp256 + ecdsa-sha2-nistp256 (*) ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 - Does not generate ECC host keys by default (ECC key exchange will not be used, - only ECC public key auth). + (*) - basic ECC support; provided by DROPBEAR_ECC. - Increases binary size by about 23 kB (MIPS). + Increases binary size by about 4 kB (MIPS). config DROPBEAR_ZLIB bool "Enable compression" |